
North Korean Hackers Use Fake Zoom Updates to Install macOS Malware


North Korean hackers are luring employees at web3 and crypto-related organizations into installing Nim-compiled macOS malware via fake Zoom software updates, SentinelOne reports.

The observed attacks follow an infection chain recently attributed to the Pyongyang-linked APT BlueNoroff: the attackers impersonate one of the victim's trusted contacts, approach them over Telegram, and invite them to schedule a meeting through the popular Calendly scheduling platform.

The victim then receives an email containing a link to a Zoom meeting, and is instructed to run a malicious script posing as a Zoom SDK update. The script’s execution triggers a multi-stage infection chain leading to the deployment of malicious binaries that SentinelOne collectively tracks as NimDoor.

Analysis of the attacks revealed novel techniques employed by the hacking group, such as using the Nim programming language to build macOS binaries, abusing wss (TLS-encrypted WebSocket) connections for process injection and remote communication, and relying on specific signal handlers for persistence.
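The lure in this chain is a loose script that the victim is told to run as a "Zoom SDK update". A simple defender-side triage check follows; it is an added example, not code from the article or from SentinelOne's report. It assumes that genuine Zoom updates are delivered by the signed Zoom application itself, never as a standalone shell or AppleScript file, and that the macOS `codesign` tool is available (on other systems the binary/bundle path simply reports "unsigned").

```shell
#!/bin/sh
# Added example (not from the SecurityWeek article or SentinelOne's report):
# triage a file that a user was told to run as a "Zoom SDK update".
# Assumptions: real Zoom updates ship inside the signed Zoom app, never as a
# loose script; `codesign` is present on macOS (absent elsewhere -> "unsigned").

# classify_update_artifact FILE
# Prints "script"   when FILE is a plain script (script extension or a "#!" shebang),
#        "signed"   when codesign verifies FILE's signature,
#        "unsigned" otherwise (no signature, broken signature, or no codesign tool).
classify_update_artifact() {
  f="$1"
  case "$f" in
    *.sh|*.command|*.scpt|*.applescript) echo "script"; return 0 ;;
  esac
  # A shebang in the first two bytes marks an interpreter script regardless of name.
  if [ "$(head -c 2 "$f" 2>/dev/null)" = "#!" ]; then
    echo "script"; return 0
  fi
  if command -v codesign >/dev/null 2>&1 && codesign --verify --strict "$f" >/dev/null 2>&1; then
    echo "signed"
  else
    echo "unsigned"
  fi
}

# update_verdict FILE
# Turns the classification into an analyst-facing decision string.
update_verdict() {
  case "$(classify_update_artifact "$1")" in
    script)   echo "BLOCK: Zoom never delivers updates as a script; treat as a lure" ;;
    unsigned) echo "BLOCK: not a validly signed binary or bundle" ;;
    signed)   echo "REVIEW: signature verifies; confirm the signer is Zoom before trusting it" ;;
  esac
}

# Stand-alone usage: ./triage.sh <path-to-suspicious-update>
if [ -n "$1" ]; then
  update_verdict "$1"
fi
```

In an endpoint response workflow the "script" branch is the one that matters for this campaign: a "Zoom update" that turns out to be a shebang-headed text file is enough on its own to stop the install and escalate, without needing to analyse the Nim payload it would have staged.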

Nim is a statically ...


Copyright of this story belongs to SecurityWeek.